Suspicious File Execution From Mounted ISO

Rule Info

Name: Suspicious File Execution From Mounted ISO
Author: Nasreddine Bencherchali
Description: Detects the execution of a file with a suspicious or double extension from a mounted ISO
Reference: Internal Research
Date: 2023-11-07 00:00:00
Modified: None
Id: 681da3a7-682c-4e48-a93c-95bf1ab3e1e6
Tags: attack.initial_access, attack.t1566.001
Type: Nextron Sigma feed only (private)

Rule History